如何在docker中添加Java应用程序的HTTPS认证?

时间:2016-11-10 15:15:47

标签: java ssl docker https certificate

我有一个java应用程序,它对受证书保护的HTTP API发出POST请求。当我第一次在本地运行它时遇到以下异常:

I/O error on POST request for "https://...
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

要解决此问题,我从Firefox导出了证书并执行了以下操作:

sudo keytool -import -alias example -keystore  /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -file /path/to/certificate.der

重新启动,然后就可以了。

现在我希望应用程序在Docker上运行。所以,正如我之前所做的那样,我使用Spotify的docker-maven-plugin作为基本图像。openjdk。第一个错误再次出现,所以我尝试以相同的方式修复它。

插件使用:

<plugin>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.4.13</version>
<configuration>
    <useConfigFile>true</useConfigFile>
    <imageName>${project.artifactId}:${project.version}</imageName>
    <baseImage>openjdk:latest</baseImage>
    <imageTags>
        <imageTag>latest</imageTag>
        <imageTag>${project.version}</imageTag>
    </imageTags>
    <resources>
        <resource>
            <targetPath>/path/${project.artifactId}</targetPath>
            <directory>${project.build.directory}</directory>
            <include>${project.build.finalName}-jar-with-dependencies.jar</include>
        </resource>
        <resource>
            <targetPath>/path/${project.artifactId}</targetPath>
            <directory>${project.basedir}</directory>
            <include>certificate.der</include>
        </resource>
    </resources>
    <runs>
        <run>$JAVA_HOME/bin/keytool -import -noprompt -trustcacerts -alias example -file /path/certificate.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit</run>
        <run>chmod 555 /path</run>
        <run>chmod 444 /path/${project.build.finalName}-jar-with-dependencies.jar</run>
    </runs>
    <entryPoint>
        ["java", "-jar", "/path/${project.build.finalName}-jar-with-dependencies.jar"]
    </entryPoint>
</configuration>

生成的Dockerfile是:

FROM openjdk:latest
ADD /path/application.jar /path/
ADD /path/certificate.der /path/
RUN $JAVA_HOME/bin/keytool -import -noprompt -trustcacerts -alias example -file /path/certificate.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
RUN chmod 555 /path
RUN chmod 444 /path/application.jar
ENTRYPOINT ["java", "-jar", "/path/application.jar"]

问题并未解决。我运行docker并且当发布请求完成时,我有完全相同的错误,就好像我没有在密钥库中获得证书,这是我在开头提到的那个。另外,如果我检查密钥库,它就有证书。

我错过了什么?

感谢任何帮助:)

0 个答案:

没有答案
相关问题
最新问题